Troj/Agent-GE is a backdoor Trojan for the Windows platform.
The Trojan drops the file ws0ck32.dll into the Windows system folder and registers it as a replacement for the Winsock library by modifying the PackedCatalogItem value in all registry keys below:
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
After dropping the file, Troj/Agent-GE attempts to connect to http://www.google.org.
The Trojan adds registry entries under:
HKLM\SYSTEM\ControlSet001\Services\Winsock\Security\
which it uses to pass configuration information to the dropped DLL file.
The ws0ck32.dll component intercepts network traffic and provides backdoor functionality, allowing a malicious user to remotely list running processes and files, upload and download files, and execute arbitrary commands on a compromised system.
Troj/Agent-GE may also drop the harmless file svchost.bat into the Windows system folder.
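The following audit script is an added example, not part of the original description or any vendor tool. It checks each PackedCatalogItem value under the Catalog_Entries key described above and reports providers that are not in a baseline. It assumes the value begins with the provider DLL path as a NUL-terminated ANSI string, and that the stock provider is `%SystemRoot%\system32\mswsock.dll`; the subkey names and padding in `sample()` are constructed.

```python
import sys

CATALOG = (r"SYSTEM\CurrentControlSet\Services\WinSock2\Parameters"
           r"\Protocol_Catalog9\Catalog_Entries")

# Assumption: expected provider paths for this host, lowercase. Extend the set
# for legitimately installed third-party providers.
BASELINE = {r"%systemroot%\system32\mswsock.dll"}

def provider_path(blob):
    """Return the DLL path stored at the start of a PackedCatalogItem value."""
    return blob.split(b"\x00", 1)[0].decode("ascii", "replace")

def audit(entries, baseline=BASELINE):
    """entries maps subkey name -> PackedCatalogItem bytes.
    Returns (subkey, path) for every provider whose full path is off-baseline,
    so a look-alike name or a stock name in the wrong folder is reported."""
    findings = []
    for name, blob in sorted(entries.items()):
        path = provider_path(blob)
        if path.lower() not in baseline:
            findings.append((name, path))
    return findings

def read_live():
    """Read all PackedCatalogItem values from the local registry (Windows only)."""
    import winreg
    entries = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CATALOG) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            sub = winreg.EnumKey(root, i)
            with winreg.OpenKey(root, sub) as key:
                entries[sub] = winreg.QueryValueEx(key, "PackedCatalogItem")[0]
    return entries

def sample():
    """Constructed entries: the stock provider and the DLL named in this description."""
    def pack(path):
        # Path field padded with NULs, then stand-in bytes for the rest of the value.
        return path.encode("ascii").ljust(260, b"\x00") + b"\x01" * 16
    return {"000000000001": pack(r"%SystemRoot%\system32\mswsock.dll"),
            "000000000002": pack(r"%SystemRoot%\system32\ws0ck32.dll")}

if __name__ == "__main__":
    entries = read_live() if sys.platform == "win32" else sample()
    for name, path in audit(entries):
        print(f"non-baseline Winsock provider in {name}: {path}")
```

On a Windows host the script reads the live catalog; elsewhere it runs against the constructed sample.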